Tag Archive : IEC-61508

Functional Safety is safety captured in instructions. Instructions for operating a machine, instructions for driving a car, directions for assembling a bicycle. These instructions can be written in a natural language, like English or Japanese, and executed by humans, or captured in software code to be run on a computer.

It is safety in design and execution:

  • Execution controlled most often by software, programming or, for humans, via work-, assembly- or process-instructions,
  • directing actions of and movement within and by, devices, products, equipment, machinery, and/or people,
  • which could be harmful to people, animals, pets, or the environment,
  • if not monitored for the appearance of hazards, which are most often failures in computing, interface, sensing, actuating hardware, wiring and cable, or a failure to follow instructions,
  • but could be other sources of harm, such as the COVID-19 virus or other natural phenomena,
  • or in the development of software (bugs), or those instructions.

As opposed to safety in design and construction, which is:

  • safety of parts, components, and assemblies, and
  • the devices, products equipment, machinery, and facilities made from them,
  • ensured primarily by considering carefully the characteristics of materials used,
  • in order to safely accommodate their strengths and weaknesses.

Techniques and methods for ensuring safety in design and construction are associated with, and specifically taught to students of, traditional engineering disciplines including civil, mechanical, electrical and electronic engineering. Practitioners within these disciplines inherently study failure conditions, failure modes and mitigation of failures as a core part of their curriculum.

Those for ensuring safety in execution have traditionally as well — until the advent of software. This is because software never fails, i.e. it always executes the instructions it captures precisely and identically each time, and never fails to do so. Because of this software engineers, and those who create work instructions, are often not adequately trained in how to handle failures, and how to anticipate, to detect, and to compensate for them.

For this reason Functional Safety is a necessary and useful concept in safety analysis, and the development and deployment of safety solutions.

International Standard ISO-26262 encapsulates an approach for designing and deploying Functional Safety in electronics used in Automotive applications. There are also several others which cover Off-Highway, Aerospace, Rail and Consumer Products. All have been written to help keep people safe.

Many safety challenges are seemingly beyond the ability of current methods to resolve, primarily because technologies to mitigate them have not yet been developed, are only now being conceived of, or are currently infinitely expensive. One important way to deal with these is to sneak up on them.

Sneaking up involves understanding the odds of hazards turning into disaster in detail (statistically), and driving them down to their lowest possible value. Mathematically there is still tiny risk that someone will be hurt, but practically — in the real world — it doesn’t happen because the circumstances for most disasters are so rare that they don’t come to pass over the time period being managed.

This only works if continuous improvement is foremost in the plans for the future. Successive design upgrades are required, each pushing safety a little further forward. Non-stop incremental improvement is critical to staying ahead. Without this push, if progress stagnates, statistics will catch up and a disaster will eventually occur.

It’s very important to stay ahead of the curve. It can be done most efficiently by improving a little at a time.

Because a pandemic is not a common occurrence there are no existing international standards for creating plans, approaches and solutions that ensure the safety of customers, associates and personnel as they return to work. Thus we turn to those that do exist, looking for direction.

International standard ISO-26262, covering automotive functional safety, and its fellow industry-specific standards for functional safety are all largely derived from generic functional safety standard IEC 61508. As a result they share a common core consisting of:

  • Conducting a Hazard Analysis and Risk Assessment (HARA)
  • Generation of Safety Goals for the required solution
  • Elicitation of Safety Requirements
  • Design of a safety solution to delivery these requirements and ensure that the Safety Goals are never violated.
  • Evaluation of the relative success of several possible solutions in meeting the requirements when compared to each other and other alternatives.
  • Verification that the final chosen solution meets its intended requirements.
  • Validation to ensure that situation into which the final chosen solution is delivered is covered completely and successfully addressed by the solution.
  • Assessing the solution to confirm that it delivers the intended safety.

We’ve elected to use the automotive standard because it’s the most detailed and comprehensive of the set, has successfully generated the most successful solutions because of the size of the automotive business, and has the most experience behind it, with tens of millions of vehicles developed under it and safely travelling the roads.

ISO-26262 also features one additional important step that the others do not:

  • Auditing the solution to confirm that the process of creating it was executed correctly.

All of these steps, as captured within ISO-26262, are critical to the delivery of safe COVID-19 Back-to-Work plans, approaches, and solutions.

It’s quite easy to design solutions to problems, even very tough ones, but it’s difficult to know when you’ve completed the task optimally. Even novices can come up with excellent solutions — they might not be elegant, or simple, or efficient but they will usually serve the purpose. How do you know when you have the optimal solution?

One step in the process of developing a solution that is most often overlooked is what we call Analysis of Negatives. Many people can generate a solution, or less often a handful of them from among which to pick the best. Most often they skip the next step, which is to study the ways in which those solutions might come up short. This usually happens only in specific situations, and in conjunction with a hardware failure, or with unanticipated conditions.

The tiniest overlooked detail, if it’s not prepared for, could easily hurt someone. Analysis of Negatives is our technique for finding the weak links, especially down to the very smallest.

We leave no stone unturned. This is a business for problem-solvers who are obsessed with details. When people’s lives, health or welfare are at stake the one you miss WILL come back to haunt you.